Valid 312-85 Dumps shared by ExamDiscuss.com for Helping Passing 312-85 Exam! ExamDiscuss.com now offer the newest 312-85 exam dumps, the ExamDiscuss.com 312-85 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com 312-85 dumps with Test Engine here:
Lizzy, an analyst, wants to recognize the level of risks to the organization so as to plan countermeasures against cyber attacks. She used a threat modelling methodology where she performed the following stages: Stage 1: Build asset-based threat profiles Stage 2: Identify infrastructure vulnerabilities Stage 3: Develop security strategy and plans Which of the following threat modelling methodologies was used by Lizzy in the aforementioned scenario?
Correct Answer: C
The threat modeling methodology employed by Lizzy, which involves building asset-based threat profiles, identifying infrastructure vulnerabilities, and developing security strategies and plans, aligns with the OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) methodology. OCTAVE focuses on organizational risk and security practices, emphasizing self-directed risk assessments to identify and prioritize threats to organizational assets and develop appropriate security strategies and plans. This methodology is asset-driven and revolves around understanding critical assets, identifying threats to those assets, and assessing vulnerabilities, leading to the development of a comprehensive security strategy.References: * The CERT Guide to System and Network Security Practices by Julia H. Allen * "OCTAVE Method Implementation Guide Version 2.0," Carnegie Mellon University, Software Engineering Institute
